HSTS - HTTP Strict Transport Security (HSTS) is a security policy which is necessary to protect secure HTTPS websites against downgrade attacks. It also aids protection against cookie hijacking. It allows web servers to declare that web browsers should only interact with it using secure HTTPS connections, and never via the insecure HTTP protocol.


add_header X-Content-Type-Options "nosniff";
Why is it disabled?

X-Content-Type-Options
Nice and easy to configure, this header only has one valid value, nosniff. It prevents Google Chrome and Internet Explorer from trying to mime-sniff the content-type of a response away from the one being declared by the server. It reduces exposure to drive-by downloads and the risks of user uploaded content that, with clever naming, could be treated as a different content-type, like an executable.


add_header X-Frame-Options DENY;
Why is it disabled?

The page cannot be displayed in a frame, regardless of the site attempting to do so.


spdy_headers_comp 5;
This module was superseded by the ngx_http_v2_module module in 1.9.5.

For HSTS read centminmod.com/nginx_domain_dns_setup.html#hsts and precautions as you can mess up your site if you do not understand what enabling HSTS means for your visitors and any other subdomain web site you run off the same *.domain.com

These 2 are still there as nginx 1.9.3-1.9.5 versions were where disabling HTTP/2 meant using SPDY/3.1, so Centmin Mod can actually auto detect if your Nginx version is using the SPDY or HTTP/2 module and auto uncomment or comment out these 2 values depending on whether Nginx used HTTP/2 or SPDY/3.1. If you removed those commented out settings, Centmin Mod won't be able to auto switch between them. Nginx 1.9.5+ has now removed SPDY, so there is no fallback, just either with or without HTTP/2.

The rest need revising as I really should have these 3 set up not just for HTTPS but HTTP if you know what you're doing
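
An added example (not part of the thread and not Centmin Mod code): a small Python check for the three response headers discussed above. It parses the HSTS value so that `includeSubDomains`, the directive that extends the policy to other sites under the same domain, is reported explicitly. The function names and sample header sets are constructed for illustration.

```python
def parse_hsts(value):
    """Split a Strict-Transport-Security value into (max_age, other directives)."""
    max_age, flags = None, set()
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()
        if not name:
            continue
        if name == "max-age":
            arg = arg.strip().strip('"')
            max_age = int(arg) if arg.isdigit() else None
        else:
            flags.add(name)
    return max_age, flags


def audit(headers):
    """Return findings for X-Content-Type-Options, X-Frame-Options and HSTS."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings = []
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options: missing or not 'nosniff'")
    if h.get("x-frame-options", "").upper() not in ("DENY", "SAMEORIGIN"):
        findings.append("X-Frame-Options: missing or not DENY/SAMEORIGIN")
    sts = h.get("strict-transport-security")
    if sts is None:
        findings.append("HSTS: header not sent")
    else:
        max_age, flags = parse_hsts(sts)
        if max_age is None:
            findings.append("HSTS: no valid max-age, so browsers ignore the header")
        elif max_age == 0:
            findings.append("HSTS: max-age=0 tells browsers to drop the policy")
        if "includesubdomains" in flags:
            findings.append("HSTS: includeSubDomains set, every subdomain must serve HTTPS")
    return findings


# Constructed sample responses (not captured from any real site).
SAMPLE_HARDENED = {
    "Strict-Transport-Security": "max-age=31536000",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
}
SAMPLE_WIDE = {
    "strict-transport-security": "max-age=31536000; includeSubDomains",
    "x-content-type-options": "nosniff",
}

if __name__ == "__main__":
    for name, sample in (("hardened", SAMPLE_HARDENED), ("wide", SAMPLE_WIDE)):
        print(name, audit(sample))
```
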

into conf (location internal_data), but the deny all setting clashed... then another approach with another addon, but that was a more complicated solution for me because this part was an enigma for me (I think that I do not use fastcgi at all)